PRIVACY NOTE FOR CUSTOMERS AND SUPPLIERS
YANMAR ITALY SPA based in Milan in via Camperio, 9 as the owner of the processing of personal data pursuant to D. Lgs. 196/2003 and subsequent amendments - Code regarding the protection of personal data ("Privacy Code") - and of EU Regulation 679/2016 applicable from 25 May 2018 - General Regulation on Data Protection ("RGPD") (from now on) onwards the Privacy Code and the RGPD are collectively referred to as "Applicable Regulations") recognizes the importance of the protection of personal data and considers its protection as one of the main objectives of its business.
In compliance with the Applicable Regulations, we are responsible for providing you the necessary information regarding the processing of personal data supplied by you. This is an information that is provided pursuant to articles 13 of the Applicable Regulations and that YANMAR ITALY invites you to read it carefully as it contains important information on the protection of your personal data and on the security measures adopted to ensure confidentiality in full compliance with the applicable laws.
YANMAR ITALY SPA informs that the processing of personal data will be based on the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality. The personal data will therefore be processed in accordance with the legislative provisions of the Applicable Regulations and the confidentiality obligations.
1) OWNER AND PRIVACY MANAGER
According to the Applicable Regulations, the data controller is YANMAR ITALY SPA, with registered office in Milano, Via Camperio, 9.
YANMAR ITALY has also appointed a Privacy Manager, available at: firstname.lastname@example.org for any information concerning the processing of personal data made by the Data Controller, including the request of the list of data processors appointed by the owner himself.
2) PERSONAL DATA OBJECT OF TREATMENT
"Personal Data" means any information concerning an identified or identifiable natural person with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of its physical identity physiological, psychological, economic, cultural or social.
"Particular Data" means personal data that can reveal the original racial and ethnic, religious or philosophical convictions, union membership, as well as genetic and biometric data, data related to health or sex life or all sexual orientation of the person.
"Judicial data" means personal data relating to criminal convictions and crimes or related security measures.
"Treatment" means any operation or set of operations performed with or without automated processes and applied to personal data or set of personal data, such as collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
3) PLACE OF DATA PROCESSING
Data processing takes place at the aforementioned headquarters of the owner, at the operational offices and at identified third parties.
4) TYPES OF DATA PROCESSED
The processing is related to personal and identification data provided voluntarily by the interested party (as examples but not limited to: name, surname, address, VAT number, tax code, landline or mobile phone number, e-mail address, bank account details, etc.).
5) PURPOSE, LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF TREATMENT
Personal data voluntarily provided will be processed by the data controller for the following purposes:
- Administrative and accounting. For the purposes of the application of the provisions regarding the protection of personal data, the processing performed for administrative-accounting purposes are those related to the performance of organizational, administrative, financial and accounting activities, regardless of the nature of the data processed. In particular, these objectives pursue internal organizational activities, those functional to the fulfillment of contractual and pre-contractual obligations, the management of the employment relationship in all its phases, the keeping of accounting and the application of the rules on tax matters, trade union, social security, health, hygiene and safety at work. The legal basis for the pursuit of the aforementioned purposes is the execution of contractual and pre-contractual obligations, and the consequent application of the tax and administrative provisions.
- To answer to specific customer requests, with particular reference to the management of intervention requests. The legal basis for the pursuit of the aforementioned purposes is the execution of the contract and the management of after-sales assistance activities, under warranty or not.
- Security, pursuant to Legislative Decree 81/2008 and subsequent additions and modifications. With particular reference to the identification data freely given by the visitor to our offices (name, surname, institution or company of belonging), the treatment has the exclusive purpose of ensuring compliance with the corporate security procedures formally applied, even in force of the regulations in force (eg annotation in the register/visitor database, assignment of temporary identification badge, applications of legal obligations in the field of safety at work). The legal basis for the pursuit of the aforementioned purposes is the implementation of a legal obligation.
6) MODALITIES OF TREATMENT - DATA CONSERVATION
The treatment will be carried out in an automated and manual way, with methods and tools aimed at guaranteeing maximum security and confidentiality, by authorized parties appointed and responsible for the treatment in accordance with the Applicable Regulations. The data will be stored for a period not exceeding the purposes for which the data were collected and subsequently processed.
7) SCOPE OF COMMUNICATION AND DIFFUSION
The data object of the treatment will not be diffused, unless after explicit authorization of the interested party and after suitable information. The data may instead be communicated to companies contractually linked to the Data Controller and, where necessary, also to persons inside and outside the European Union, in accordance with the limits established by the Applicable Regulations. The data may be disclosed to third parties belonging to the following categories:
- - subjects providing technical assistance and maintenance centers for the execution of repairs, replacements, maintenance;
- - subjects that provide services for the management of the information system used by the Data Controller and telecommunications networks, and who take care of the maintenance of the technological part;
- - subjects and bodies that collaborate with the Data Controller to carry out the training courses as an example and not exhaustive: teachers, Interprofessional Joint Funds;
- - freelancers, firms or companies in the context of assistance and consultancy relationships;
- - subjects that carry out checks, audits and certification of the activities carried out by the Data Controller;
- - competent authorities for the fulfillment of obligations of laws and / or provisions of public bodies, upon request of the same.
The subjects belonging to the aforesaid categories perform the function of Data Processing Manager, or operate in complete autonomy as separate Data Controllers. The list of managers is constantly updated and available on request at the Data Controller.
Any further communication or diffusion will take place only with the explicit consent of the interested party.
Moreover, during the ordinary processing activities, they will be able to access personal and identifying data and therefore become aware of the subjects expressly designated by the writer as responsible and / or in charge of processing, authorized according to their respective profiles.
8) NATURE OF THE CONFERRALITY AND REFUSAL
With regard to the data that we are obliged to know in order to fulfill the obligations arising from existing contracts, and the obligations provided for by laws, regulations, Community legislation, or provisions issued by the Authorities legitimated by the law and bodies supervision and control, the failure to provide it will make it impossible to establish or continue the relationship, in so far as such data are necessary for the execution of the same. The provision of data to allow the Owner to send commercial communications is optional; the interested party can oppose the treatment at any time by exercising the rights provided for by the Applicable Regulations in the forms and methods indicated herein. The owner also announces that any non-communication, or incorrect communication, of one of the mandatory information, has the following consequences:
- - the impossibility of the holder to guarantee the adequacy of the treatment itself to the contractual agreements for which it is performed;
- - the possible mismatch of the treatment results to the obligations imposed by the tax, administrative and civil law to which it is addressed.
9) DATA CONSERVATION
YANMAR ITALY SPA will process the Personal Data for the time strictly necessary to achieve the purposes indicated and, where applicable, in compliance with the conservation obligations established by law, for example regarding the keeping of tax and administrative documentation. Without prejudice to the foregoing, YANMAR ITALY SPA will process Personal Data up to the time allowed by Italian law to protect its own interests (Art. 2947 (1) (3) c.c.). Further information regarding the retention period of Personal Data and the criteria used to determine this period may be requested by writing to the DPO.
10) RIGHTS OF THE INTERESTED PARTY
Within the limits of the Applicable Regulations, the interested party has the right to ask YANMAR ITALY SPA, at any time, to access their Personal Data, to rectify or cancel them or to oppose their treatment, the limitation of processing and obtaining data concerning it in a structured format, in common use and readable by automatic device.
Requests should be sent via e-mail to: email@example.com
Under the Applicable Law, the individual has in any case the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data) if he considers that the processing of his Personal Data is contrary to the law in force.